Overview / Usage

Many platforms such as intranets, ecommerce platforms and websites allow there users to login to the systems using custom usernames and passwords

Weak user passwords are guessable and more often are the number one reason why user accounts get hacked by hackers.

Often Administrators ,organizations force strong password policy implementations so that users do not create and enter weak guessable passwords that are predictable such as user123,password1234 , pineapple_123456 and so on . For the sake of convenience user's are intelligent and they in turn outsmart the password creation policies and continue to use simple common password combinations that are guessable but meet the password creation policy for example Pineapple@1234! or Pineapple@123456! and so on .

Typically when passwords are stored in a database they are stored encrypted so that no one else apart from the user knows what there password is.

So as an administrator or organization you may think that you have enforced a strict password creation policy and that your user accounts are secure when infect that may not be the case . Because your user passwords are stored encrypted, You as the administrator have no way of telling or identifying if the password that the user created is by passing your password creation policy simply because the password that the user or employee has entered is stored encrypted which is not humanly readable to you .

Depending on the level of system access your employee or user has, if there account ever gets compromised it can result in serious damages to your organization.

Currently most organizations and platforms straight out of the box still store user passwords using the unsalted MD5 encryption format and most legacy systems still use MD5 for the purposes of compatibility.

This article will show you how to crack MD5 passwords using a dictionary attack using DPC++ .

you can later on implement it as an automated insecure password scanner and threat mitigation system .

The problem it will solve is help you find out if a user is using a insecure or commonly used password that can be exploited by hackers so that you can notify the employee or user as a preventative measure to change there password to something else that is less common or predictable.

Saving organizations from illegal hacks , fines and irreversible damages.

Increase the level of security for legacy systems through preventative threat mitigation.

In this concept tutorial you will take a single users hashed MD5 password from a Database and see if the password is insecure and crack able by comparing it with a common insecure password list and than be able to also see what the user password is .

Methodology / Approach

Data Sourcing Stage

We source a legitimate database (mock one for this example) containing user passwords already stored in MD5 format.

At the moment there is no way to tell what Tommy , Angelina or Ricks password are.

We next do some research and search the web and source a commonly used insecure passwords list .

Coding stage

We include the required headers and define the name spaces

We initialize any variables and populate them with data.

Next we select a device to use

Next we begin the cracking of the MD5 hash .

We finally out put the cracked passwords

You can view the concept code at the below Git hub repository to see how easy it is to crack insecure commonly used MD5 hashed passwords.

​

Usage instructions :

You can find the code at our github repository mentioned below in the article.

Copy the entire structure including all files to Intel dev cloud .

Ensure that the Python 3.7 (Intel OneApi) kernal is running

Ensure that you are using the q file ,crack_md5_passwords.sh that is provided with this source code.

Ensure that file exist in lab/crack_md5_passwords.cpp

Run the following jupyter notebook crack_md5_passwords.ipynb

Than Run the following command

​

DPC++ Development Experience

Creating cross architecture programs is easy in dpc , although there's a lot to learn such as how to break out of a parallel_for loop but overall it was a good experience to be able to code using c on the Intel devcloud jupyter notebooks and compile and run the concept programs easily than having the ability to download them onto my pc and also be able to run them in Visual studio, It really allows you to develop for cross architecture devices .

Technologies Used

We use Intel DPC++ and Jupyter lab on Intel Dev cloud to code and run the code.

Repository

https://github.com/prilcool/Intel-devmesh-codeproject-three

Other links

• Wikipedia Notes on MD5